Cryptographic issues in FortiOS - CVE-2014-0351
Published: September 10, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41343
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-0351
CWE-ID: CWE-310
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiOS
FortiOS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
How to mitigate CVE-2014-0351
Install update from vendor's website.